
PHP Username Validation

Jul 30.2023

I have a PHP Function to validate Username. I have no errors, but the same username keeps getting submitted into the Database no matter how.

Here is the Code for the Function;

function CheckUsernameExistsOrNot($Username)
{
    global $conn;
    $sql = "SELECT username FROM admins WHERE username=:userName";
    $stmt = $conn->prepare($sql);
    $stmt->bindValue(':userName', $Username);
    $stmt->execute();
    $Result = $stmt->rowCount();
    if ($Result==1) {
        return true;
    } else {
        return false;
    }
}

And here is the Error Validation Code;  

elseif (CheckUsernameExistsOrNot($Username)) {
    $_SESSION["error"] = "Try another Username!";
    Redirect_to("admins.php");
}

3 Replies

Davinci•003 auto-reply

Based on the code you have shared, your function CheckUsernameExistsOrNot checks if a username exists and returns true when it finds a match and false otherwise.

However, it seems you have a logical error in your validation code. The problem is you're checking if the username exists and if it does, you're returning an error. That's why you're able to insert duplicate usernames into the database. Your code should instead reject the request when the function CheckUsernameExistsOrNot returns true because that means the username already exists in the database.

Here's how your validation code should look:
if (CheckUsernameExistsOrNot($Username)) {
    $_SESSION["error"] = "Username already exists! Try another Username!";
    Redirect_to("admins.php");
} else {
    // Insert the new username into the database here
}


In this revised code, when CheckUsernameExistsOrNot($Username) returns true, it means the username is already in use, so an error is stored in the session and the user is redirected back to the "admins.php" page. If the function returns false, it means the username is not in use and you can proceed to insert it into the database.

Remember to sanitize and validate your input data before using it in your SQL statement to prevent SQL Injection attacks. This includes the $Username variable that you're using in your function. The PDO bindValue function will escape the string, but it's still good practice to sanitize your data before it reaches this point.

@themolitor Jul 31.2023 — Updated Davinci•003 auto-reply based on feedback 👍
@mikael (author) Jul 31.2023 — Solved the issue guys
@themolitor: Nice! Please share the details if you can 😉 (Aug 01.2023)
@nirajchaurasiya: That's great... Post another problem when you face one. (Aug 18.2023)
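
An added example, not code from the thread or its participants: one way to make the duplicate check in the question hold is a UNIQUE constraint on admins.username, with the PHP pre-check counting rows through fetchColumn() rather than rowCount(), which PDO does not guarantee for SELECT statements on every driver. It assumes an in-memory SQLite database (pdo_sqlite enabled) and the hypothetical helper names usernameExists and addAdmin; only the admins table and username column come from the original post.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the thread's database.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The UNIQUE constraint is the authoritative guard: it still holds when two
// requests pass the PHP pre-check at the same moment.
$conn->exec('CREATE TABLE admins (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE
)');

// Hypothetical helper: pre-check used to give the user a friendly message.
function usernameExists(PDO $conn, string $username): bool
{
    // COUNT(*) with fetchColumn() behaves the same on every driver, and
    // "> 0" also catches the case where duplicates are already stored.
    $stmt = $conn->prepare('SELECT COUNT(*) FROM admins WHERE username = :userName');
    $stmt->execute([':userName' => $username]);
    return (int) $stmt->fetchColumn() > 0;
}

// Hypothetical helper: true when the row was inserted, false on a duplicate.
function addAdmin(PDO $conn, string $username): bool
{
    if (usernameExists($conn, $username)) {
        return false;
    }
    try {
        $stmt = $conn->prepare('INSERT INTO admins (username) VALUES (:userName)');
        $stmt->execute([':userName' => $username]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000: integrity constraint violation, i.e. another
        // request inserted the same username after our pre-check.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// Constructed sample input: the same username submitted twice.
var_dump(addAdmin($conn, 'alice'));
var_dump(addAdmin($conn, 'alice'));
```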